Click to edit Master subtitle style

Microsoft Virtual Academy

Windows Intune for IT Pros Jump Start

M07: MDM Prerequisites & Cloud-only MDM Setup

David TesarRichard Harrison

First Half Second Half(01) Big Picture with Windows Intune

(07) MDM Prerequisites and Cloud-only MDM Setup

(02) Architecture Design Considerations

(08) Cloud-only Software Publishing and Deployment

(03) Extending Identity to Windows Azure Active Directory

(09) Setting Up & Configuring Unified Infrastructure (+ MDM Setup)

(04) Administrator Roles, Users and Groups

(10) Unified MDM Settings and Compliance

(05) Windows Intune Policies (11) Unified MDM Software Deployment

(06) Cloud-only PC Setup (12) End User Enrollment

Windows Intune for IT Pros Jump Start

• MDM Prerequisites• Cloud-Only MDM Setup

Module Overview

Click to edit Master subtitle style

Microsoft Virtual AcademyDirect MDM Setup and

Prerequisites

Direct Mobile Device Management Overview

2. Uses native management platform built into the mobile devices

3. Enables you to expose line-of-business applications to mobile users

1. Provides a new management experience across devices

Comparing Direct Mobile Device Management and Exchange ActiveSync

Direct MDM EAS

Implementation Managed directly from the cloud using the native management capabilities in the device

Managed from Exchange Server through the cloud using EAS

Requirements Integrated into Windows Intune Exchange Server 2010

Connector None Exchange Server Connector

Security Layer Operating System ApplicationCapability (dependent on platform)

• Hardware inventory• Policy Settings Management• Pull Software Distribution• Device Wipe (iOS and Windows Phone)• Compliance Monitoring• iCloud policy control (iOS only)

• Basic settings• Pull software distribution• Device wipe (iOS and Windows Phone)• Mailbox wipe (Windows 8 and Windows

RT)

App Distribution Windows 8 Apps Distribution (Self-Service App)Line-of-business application distribution through company portal (iOS)

Line-of-business application distribution through Web company portal

Mobile Device Management Setup Process

Configure Mobile Device Management Authority

Configure Windows RT Direct Management

Configure Windows Phone 8 Direct Management

Configure iOS Direct Management

Configure Exchange Management

Define Device Owners as Managed Users

Mobile Device Management Prerequisites

Windows RT Windows Phone 8

iOS EAS-baseddevice

Domain namefor enrollment server address

Domain namefor enrollment server address

Windows Phone Dev Center Company

account

Enterprise Mobile Code Signing

Certificate

Sideloading Key

Code-signing certificate (optional)

Company Portal

application

Company portal

application

Registration with Apple Developer Program

Exchange 2010 Server

Exchange Connector for ConfigMgr or Windows Intune

Apple Push Notification (APN)

certificate

Apple Developer Enterprise Program

Web-based company

portal

Depends on platform

Infrastructure Requirements

Deployment Requirements

End user experience

http://aka.ms/cpnepj http://aka.ms/uv1ytlhttp://aka.ms/x31ri1http://aka.ms/lanmep

What is Sideloading?

• Sideloading is the application development, publishing and installation process for Windows 8 devices without going through the Windows Store

What platforms can Sideload?

• Windows 8 Enterprise and Pro• Windows 8 RT (see later topic)

How do I enable Sideloading?

• Join computer to domain (Windows 8 Enterprise)• Change policy setting (non-domain joined or Windows 8 Pro)

• HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Appx\AllowAllTrustedApps = 1• Obtain Sideloading Key from Volume License Service Center (VLSC)

Sideloading Windows 8 Applications

See Windows 8 Sideloading Requirements for more details: http://aka.ms/lanmep

Deploying Software to Windows 8 RT

Note that all LOB apps must be code-signed

Obtain and upload a

Sideloading key

Before you can install sideloaded line of business (LOB) apps on Windows RT you must obtain and activate sideloading keys from the VLSC.

You then upload your Sideloading key from the Windows Intune Administration console

Upload Code-Signing Certificate

If you have a certificate from your company’s Certificate Authority, then in the Windows Intune Administrator console you can use the Modify Code-Signing Certificate option to specify the code-signing certificate you want to use for your LOB Windows 8 apps

Deploying Apps to Windows Phone 8

• Use Windows Phone 8 SDK to sign apps with Organization’s Enterprise Mobile Code Signing Certificate

Sign your LOB app

• Upload signed LOB apps from the Windows Intune administrator console and deploy to target users

Upload and

publish LOB apps

• If developing in-house apps, purchase membership• Requires DUNS number

Join the iOS Developer Enterprise Program

Deploying Apps to iOS Devices

DEMOCloud-Only MDM Setup

• MDM Prerequisites• Cloud-Only MDM Setup

Module Summary

©2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, Office, Azure, System Center, Dynamics and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.